GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-22 22:49:52 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST1000DM003-1ER162 rev.CC45 931,51GB Running: phoc47h6.exe; Driver: C:\Users\ARTYST~1\AppData\Local\Temp\kgliiuog.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 82E48B55 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E82BB2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, D8, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, DB, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, D8, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, D9, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessToken + 6 770A5E86 4 Bytes CALL 760AAB64 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, DA, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, D9, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, DA, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadTokenEx + 6 770A5F16 4 Bytes CALL 760AABF5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, D8, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryFullAttributesFile + 6 770A60D6 4 Bytes CALL 760AADB3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, D9, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, DA, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, DB, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[944] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, B8, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, BB, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, B8, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, B9, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, BA, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, B9, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, BA, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, B8, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, B9, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, BA, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, BB, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2464] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] ntdll.dll!NtCreateFile 770A56B0 5 Bytes JMP 62776E2C C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] ntdll.dll!NtFlushBuffersFile 770A5A40 5 Bytes JMP 62776CC7 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] ntdll.dll!NtQueryFullAttributesFile 770A60D0 5 Bytes JMP 62776EAD C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] ntdll.dll!NtReadFile 770A63A0 5 Bytes JMP 62776BA3 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] ntdll.dll!NtReadFileScatter 770A63B0 5 Bytes JMP 62776BEC C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] ntdll.dll!NtWriteFile 770A6B50 5 Bytes JMP 62776C35 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] ntdll.dll!NtWriteFileGather 770A6B60 2 Bytes JMP 62776C7E C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] ntdll.dll!NtWriteFileGather + 3 770A6B63 2 Bytes [6D, EB] .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] ntdll.dll!LdrLoadDll 770C2576 5 Bytes JMP 6CAE1F42 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\mozglue.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75B2952E 1 Byte [E9] .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75B2952E 7 Bytes JMP 6273EEC3 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] kernel32.dll!QueryPerformanceCounter + 13 75B2C535 7 Bytes JMP 6273EE7B C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] kernel32.dll!LoadAppInitDlls + 355 75B2F5F6 7 Bytes JMP 6371E562 C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] USER32.dll!GetWindowInfo 75D24B5E 5 Bytes JMP 630F662C C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Users\artystav2\AppData\Local\GG\Application\ggapp.exe[2556] GDI32.dll!GetViewportOrgEx + 26C 7546884B 7 Bytes JMP 6273EEEA C:\Users\artystav2\AppData\Local\GG\Application\xulrunner\xul.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, B0, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, B3, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, B0, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, B1, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, B2, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, B1, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, B2, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, B0, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, B1, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, B2, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, B3, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, F4, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, F7, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, F4, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, F5, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + 6 770A5E86 4 Bytes CALL 760A9480 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, F6, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, F5, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, F6, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + 6 770A5F16 4 Bytes CALL 760A9511 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, F4, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + 6 770A60D6 4 Bytes CALL 760A96CF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, F5, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, F6, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, F7, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2916] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, 00, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + 6 770A5D16 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, 03, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, 00, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, 01, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + 6 770A5E86 4 Bytes CALL 760AC58C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, 02, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, 01, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, 02, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + 6 770A5F16 4 Bytes CALL 760AC61D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, 00, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + 6 770A60D6 4 Bytes CALL 760AC7DB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, 01, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, 02, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, 03, 67, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, D0, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, D3, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, D0, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, D1, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessToken + 6 770A5E86 4 Bytes CALL 760A765C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, D2, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, D1, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, D2, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadTokenEx + 6 770A5F16 4 Bytes CALL 760A76ED C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, D0, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryFullAttributesFile + 6 770A60D6 4 Bytes CALL 760A78AB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, D1, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, D2, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, D3, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5320] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, D8, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, DB, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, D8, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, D9, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, DA, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, D9, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, DA, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, D8, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, D9, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, DA, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, DB, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5804] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, B0, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, B3, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, B0, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, B1, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, B2, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, B1, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, B2, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, B0, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, B1, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, B2, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, B3, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6160] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, 08, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, 0B, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, 08, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, 09, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenProcessToken + 6 770A5E86 4 Bytes CALL 760AAE94 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, 0A, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, 09, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, 0A, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenThreadTokenEx + 6 770A5F16 4 Bytes CALL 760AAF25 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, 08, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtQueryFullAttributesFile + 6 770A60D6 4 Bytes CALL 760AB0E3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, 09, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, 0A, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, 0B, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6192] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, B8, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, BB, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, B8, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, B9, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenProcessToken + 6 770A5E86 4 Bytes CALL 760AF944 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, BA, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, B9, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, BA, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenThreadTokenEx + 6 770A5F16 4 Bytes CALL 760AF9D5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, B8, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtQueryFullAttributesFile + 6 770A60D6 4 Bytes CALL 760AFB93 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, B9, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, BA, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, BB, 9A, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6448] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, 94, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, 97, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, 94, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, 95, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenProcessToken + 6 770A5E86 4 Bytes CALL 760AB720 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, 96, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, 95, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, 96, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenThreadTokenEx + 6 770A5F16 4 Bytes CALL 760AB7B1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, 94, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtQueryFullAttributesFile + 6 770A60D6 4 Bytes CALL 760AB96F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, 95, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, 96, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, 97, 58, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7060] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, 28, DE, 00] {SUB [EAX], CH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, 2B, DE, 00] {SUB [EBX], CH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, 28, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, 29, DE, 00] {TEST AL, 0x29; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, 2A, DE, 00] {TEST AL, 0x2a; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, 29, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, 2A, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, 28, DE, 00] {TEST AL, 0x28; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, 29, DE, 00] {SUB [ECX], CH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, 2A, DE, 00] {SUB [EDX], CH; FIADD WORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, 2B, DE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7308] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [18, 20, A6, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7372] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, 10, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, 13, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, 10, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, 11, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, 12, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, 11, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, 12, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, 10, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, 11, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, 12, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, 13, C7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7472] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, 60, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtCreateKey + 6 770A56F6 4 Bytes [68, 61, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtCreateKey + B 770A56FB 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, 60, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenKey + 6 770A5DF6 4 Bytes [A8, 61, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenKey + B 770A5DFB 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenKeyEx + B 770A5E0B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [68, 62, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenProcessToken + 6 770A5E86 4 Bytes [A8, 62, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [68, 63, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [28, 62, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [28, 63, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenThreadTokenEx + 6 770A5F16 4 Bytes [A8, 63, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, 60, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, 61, C7, 00] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [28, 64, C7, 00] {SUB [EDI+EAX*8+0x0], AH} .text C:\Program Files\Steam\bin\steamwebhelper.exe[7528] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, 74, DC, 00] {SUB [ESP+EBX*8+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, 77, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, 74, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, 75, DC, 00] {TEST AL, 0x75; FADD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, 76, DC, 00] {TEST AL, 0x76; FADD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, 75, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, 76, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, 74, DC, 00] {TEST AL, 0x74; FADD QWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, 75, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, 76, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, 77, DC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7868] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtCreateFile + 6 770A56B6 4 Bytes [28, F8, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtCreateFile + B 770A56BB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtMapViewOfSection + 6 770A5D16 4 Bytes [28, FB, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtMapViewOfSection + B 770A5D1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenFile + 6 770A5DC6 4 Bytes [68, F8, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenFile + B 770A5DCB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenProcess + 6 770A5E76 4 Bytes [A8, F9, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenProcess + B 770A5E7B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenProcessToken + 6 770A5E86 4 Bytes CALL 760AAA84 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenProcessToken + B 770A5E8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenProcessTokenEx + 6 770A5E96 4 Bytes [A8, FA, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenProcessTokenEx + B 770A5E9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenThread + 6 770A5EF6 4 Bytes [68, F9, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenThread + B 770A5EFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenThreadToken + 6 770A5F06 4 Bytes [68, FA, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenThreadToken + B 770A5F0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenThreadTokenEx + 6 770A5F16 4 Bytes CALL 760AAB15 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtOpenThreadTokenEx + B 770A5F1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtQueryAttributesFile + 6 770A6026 4 Bytes [A8, F8, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtQueryAttributesFile + B 770A602B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtQueryFullAttributesFile + 6 770A60D6 4 Bytes CALL 760AACD3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtQueryFullAttributesFile + B 770A60DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtSetInformationFile + 6 770A6726 4 Bytes [28, F9, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtSetInformationFile + B 770A672B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtSetInformationThread + 6 770A6786 4 Bytes [28, FA, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtSetInformationThread + B 770A678B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtUnmapViewOfSection + 6 770A6AA6 4 Bytes [68, FB, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[9788] ntdll.dll!NtUnmapViewOfSection + B 770A6AAB 1 Byte [E2] ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HiPatchService.exe 0x5D 0xC5 0x0A 0xE2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xBC 0x83 0xD5 0xA5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe 0x2F 0xA5 0xCD 0x9C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HirezLauncherUI.exe 0x51 0xFA 0x38 0x9E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0x0A 0x4F 0x1D 0x35 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0x90 0xFC 0xAB 0x35 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Master\EasyClicker\EasyClicker Pro 1.3v.exe 0x63 0xA0 0x69 0xE2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\artystav2\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exe 0x86 0xD2 0x82 0x29 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\_CommonRedist\DirectX\Jun2010\DXSETUP.exe 0x55 0xCC 0x87 0x33 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\CdRom0\DirectX\DXSETUP.exe 0x0D 0x5F 0x8B 0xB7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\hh.exe 0x9A 0x34 0x22 0xE9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hi-Rez Studios\HiPatchSelfUpdateWindow.exe 0xC5 0xE7 0x66 0x26 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\directx_installer\dxsetup.exe 0x6C 0x91 0x5E 0x05 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\osu!install.exe 0xC1 0xBF 0x15 0xCF ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\artystav2\AppData\Local\osu!\osu!.exe 0xDD 0xBB 0x4B 0x6C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\FRST.exe 0x91 0xA6 0x86 0xF4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\MSI\MSITrigger\MSI_Trigger_Service.exe 0x67 0xA4 0x7F 0xE6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Razer\RzWizard\RzWizardService.exe 0x00 0x8D 0x14 0x15 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x43 0x15 0x24 0xA3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Razer\Razer Services\GSS\GameScannerService.exe 0xD8 0xB7 0x7A 0xEA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Razer\Synapse\RzSynapse.exe 0xBB 0x1D 0x27 0xE4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe 0xDC 0x8B 0xFC 0xFE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTModernUI.exe 0x2B 0x98 0xBE 0x5D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x31 0x9B 0xA3 0x32 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x46 0x71 0x5B 0xCD ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\LeagueofLegends_EUNE_Installer_9_15_2014.exe 0x29 0x9E 0x03 0x02 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe 0x34 0xEC 0x64 0xBE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_option1.exe 0x75 0xCE 0xCE 0x74 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_option2.exe 0x2E 0x8A 0x8F 0xE9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\FortiClientInstaller.exe 0x34 0x2B 0x9D 0xD8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\artystav2\AppData\Local\osu!\osu!.exe 0x34 0xC4 0xD4 0x27 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\artystav2\Desktop\FRST.exe 0x65 0xAC 0x6E 0xF9 ... Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{D6104EC2-8B47-11E5-9D99-806E6F6E6963} 1549717816 Reg HKLM\SOFTWARE\Classes\CLSID\{7067E2CD-558E-2DC6-0DA9-05E536075FF3}\gsifzwBrZCef@ XsBxpgwdM}FNU Reg HKLM\SOFTWARE\Classes\CLSID\{7067E2CD-558E-2DC6-0DA9-05E536075FF3}\olavasJqqgct@ jsBJmlRMzfq@S\XEZqgs[hghlZLbwj_ ---- EOF - GMER 2.1 ----